With the Presidential election right around the corner millions of people will soon venture to their local polling place to make their voice heard and cast their vote. More than 9,000 US jurisdictions will work together to add up digital and paper ballots on Election Day. But will that vote be counted correctly? Will your vote reflect exactly who you voted for? How can you be sure that no one has hacked your vote? These are questions that experts are working on to make sure that the cybersecurity at each polling station is as up to date as possible. With the recent attacks on the Democratic National Committee and the increasing attacks from state sponsored actors the concern that this election could be hacked is mounting. Security researchers have shown that electronic voting machines are vulnerable and that has put agencies in the US government on alert.
In every election there is always some sort of error but these errors become more magnified when the race is a close one. With the way this Presidential race is shaping up it can one of the closet races in history and even the slightest amount of tampering could have an major impact on the outcome. So ensuring that every vote gets counted and counted correct is very important. One person looking to make sure everything is as secure as possible is Georgia representative Hank Johnson, he is set to introduce two bills designed to secure what he sees as a fragile system’s security. Mr. Johnson is introducing the Election Infrastructure and Security Promotion Act of 2016 and the Election Integrity Act. The Election Infrastructure and Security Promotion Act of 2016 will require the Department of Homeland Security (DHS) to designate voting systems as critical infrastructure, what this means is that reclassify these voting systems and put them on the same level as the way a power grid is protected. This act will seek to compel states to comply with relevant federal rules while incorporating additional security standards and testing measures. The Election Integrity Act would prohibit election systems that are responsible for vote casting or tabulating from being connected to the internet. “The individual, durable paper record must be able to be verified by the voter before casting; stored in a way to preserve anonymity of the voter; and used as the final authority over electronic records audits/recounts. Recounts and audits must include paper ballots of overseas/absentee voters,” a summary of the Election Integrity Act provided to FedScoop reads. With these two bills $600 million of new funding is being requested to make sure that these acts are executed in 2017 and 2018.
The methods and equipment used for voting in America’s federal elections is established on a state-by-state and county-by-county basis. However, designating voting systems critical infrastructure would change that and the DHS would be responsible to oversee and standardize measures like voting machine testing and audit procedures. This has however brought up the question of whether the DHS even has the authority to take on such a leadership role of federal elections on its own especially since in the Constitution it states that states have the responsibility of dictating the times, places and manner of federal elections. However, the Constitution does go on to say the Congress has the power to alter federal voting regulations. While this is all debated the DHS has offered assistance to states that want additional help vetting their voting systems and taking final precautions prior to the upcoming election. Also, after cyber attacks on databases in Illinois and Arizona the DHS published a list of best practices to secure voter registration data against potential hackers. Some of those measures are applying software updates and restricting high-level technical privileges to key officials.
The digital threats facing voting systems is a real matter. More than half of the states use some type of electronic voting and in most cases the equipment and software being used is old, buggy and unpatched. Researchers have shown that attacks are possible both on election day when a hacker could go into the voting booth and use portable hardware to vote more than once, or after voting when data travels unencrypted to a central location for further audits and counting. There are quite a few robust vetting and auditing initiatives already around the country, such as recommended voting machine test standards published by the National Institute of Standards and Technology. The real problem is that there is no mandatory minimum benchmark. As a result, there’s no current way to know whether jurisdictions have security vulnerabilities due to management issues or resource scarcity.
Many believe that if someone were to try and hack into the polling results it would come from an outside state actor like Russia or China. With many blaming for the Russians for breaching the DNC it is not too far fetched to think an outside state actor could and would want to tamper with the results.
So as you go to cast your vote this November hopefully all the necessary precautions have been put in place and in the end whoever wins this presidential race does so under no questioned cybersecurity issue. Only time will tell.